<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>MYSQL POLICIES</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<meta http-equiv="Content-Language" content="en" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta name="robots" content="all" scheme="http://www.robotstxt.org/" />
<meta name="Generator" content="Oracle DARB XHTML converter - Version 4.1.3 Build 116" />
<meta name="Date" content="June 22, 2005 15:47:54" />
<meta name="doctitle" content="Mysql &reg; Database Plugin Policy Manual Release 1.0" />
<meta name="partno" content="B14196-01" />
<link rel="Start" href="../../index.htm" title="Home" type="text/html" />
<link rel="Copyright" href="../../dcommon/html/cpyr.htm" title="Copyright" type="text/html" />
</head>
<body>

<div class="IND"><!-- End Header -->
<h1>MYSQL POLICIES</h1>
<h2 class="tocheader"><a href="#intro"><span class="secnum">1</span> Introduction</a></h2>
<dl>
  <dd><a href="#intro">About this Manual</a></dd>
</dl>
<h2 class="tocheader"><a href="#Tmp_Table_Size Setting"><span class="secnum">2</span> Policy List </a></h2>

<dl>
<dd><a href="#Tmp_Table_Size Setting">1  Tmp_Table_Size Setting</a></dd>
<dd><a href="#Log_Slow_Queries Setting">2  Log_Slow_Queries Setting</a></dd>
<dd><a href="#Log_Queries_Not_Using_Indexes Setting">3  Log_Queries_Not_Using_Indexes Setting</a></dd>
<dd><a href="#Log_Warnings Setting">4  Log_Warnings Setting</a></dd>
<dd><a href="#Innodb_File_Per_Table Setting">5  Innodb_File_Per_Table Setting</a></dd>
<dd><a href="#Sync_Binlog Setting">6  Sync_Binlog Setting</a></dd>
<dd><a href="#Binary Log Setting">7  Binary Log Setting</a></dd>
<dd><a href="#Insufficient Innodb Log Files">8  Insufficient Innodb Log Files</a></dd>
<dd><a href="#Innodb_Log_File_Size Setting">9  Innodb_Log_File_Size Setting</a></dd>
<dd><a href="#Lower_Case_Table_Names Setting">10  Lower_Case_Table_Names Setting</a></dd>
<dd><a href="#Back_Log Setting">11  Back_Log Setting</a></dd>
<dd><a href="#Expire_Logs_Days&nbsp;Setting">12  Expire_Logs_Days Setting</a></dd>
<dd><a href="#Tmpdir Setting">13  Tmpdir Setting</a></dd>
<dd><a href="#Max_Heap_Table_Size Setting">14  Max_Heap_Table_Size Setting</a></dd>
<dd><a href="#Query_Cache_Size Setting">15  Query_Cache_Size Setting</a></dd>
<dd><a href="#Query_Cache Support">15.1  Query_Cache Support</a></dd>
<dd><a href="#Query_Cache_Type Setting">15.2  Query_Cache_Type Setting</a></dd>
<dd><a href="#Innodb Engine Support">16  Innodb Engine Support</a></dd>
<dd><a href="#Binlog_Cache_Size Setting">17  Binlog_Cache_Size Setting </a></dd>
<dd><a href="#Table_Cache Setting">18  Table_Cache Setting</a></dd>
<dd><a href="#General Log State">19  General Log State </a></dd>
<dd><a href="#Old_Passwords Setting">20  Old_Passwords Setting</a></dd>
<dd><a href="#Read_Only Setting">21  Read_Only Setting</a></dd>
<dd><a href="#Thread_Cache_Size Setting">22  Thread_Cache_Size Setting</a></dd>
<dd><a href="#Wait_Timeout Setting">23  Wait_Timeout Setting</a></dd>
<dd><a href="#Anonymous_Account_Exists">24  Anonymous_Account_Exists</a></dd>
<dd><a href="#Remote_Root_Access">25  Remote_Root_Access</a></dd>
<dd><a href="#Monitor_Account_State">26  Monitor_Account_State</a></dd>
<dd><a href="#Report_Parameter Setting">27  Report_Parameter Setting</a></dd>
<dd><a href="#Key_Buffer_Size Setting">29  Key_Buffer_Size Setting</a></dd>
<dd><a href="#Test_Db_Exists">30  Test_Db_Exists </a></dd>
<dd><a href="#Innodb_Lock_Wait_Timeout Setting">31  Innodb_Lock_Wait_Timeout Setting </a></dd>
<dd><a href="#Innodb_Rollback_on_Timeout Setting">32  Innodb_Rollback_on_Timeout Setting</a></dd>
<dd><a href="#Skip-External-Locking Setting">33  Skip-External-Locking Setting</a></dd>
<dd><a href="#Skip-Name-Resolve Setting">34  Skip-Name-Resolve Setting</a></dd>
<dd><a href="#Innodb-Status-File Setting">36  Innodb-Status-File Setting</a></dd>
<dd><a href="#Slow_Launch_Time Setting">37  Slow_Launch_Time Setting</a></dd>
<dd><a href="#Long_Query_Time Setting">38  Long_Query_Time Setting </a></dd>
<dd><a href="#Slave_Load_tmpdir Setting">39  Slave_Load_tmpdir Setting</a></dd>
<dd><a href="#Slave_Skip_Errors Setting">40  Slave_Skip_Errors Setting </a></dd>
<dd><a href="#Mysql_Sysdb_TableSize Too Large">41  Mysql_Sysdb_TableSize Too Large</a></dd>
<dd><a href="#Log_Slave_Updates Setting">42  Log_Slave_Updates Setting</a></dd>
<dd><a href="#Backup_Conf Setting">43  Backup_Conf Setting</a></dd>
<dd><a href="#Mytab Setting">44  Mytab Setting</a></dd>
<dd><a href="#Mysqld_Running_Account">51  Mysqld_Running_Account</a></dd>
<dd><a href="#Local_Infile Setting">52  Local_Infile Setting</a></dd>
<dd><a href="#Secure_Auth Setting">53  Secure_Auth Setting</a></dd>
<dd><a href="#Skip-Show-Database Setting">54  Skip-Show-Database Setting</a></dd>
<dd><a href="#Skip-Symbolic-Links Setting">55  Skip-Symbolic-Links Setting</a></dd>
<dd><a href="#Skip-Grant-Tables Setting">56  Skip-Grant-Tables Setting </a></dd>
<dd><a href="#Datadir_Perm_Mode">57  Datadir_Perm_Mode</a></dd>
<dd><a href="#Mycnf_Perm_Mode">58  Mycnf_Perm_Mode</a></dd>
<dd><a href="#Empty_Password">59  Empty_Password</a></dd>
<dd><a href="#Account_Access_From_Anywhere">59.1  Account_Access_From_Anywhere</a></dd>
<dd><a href="#User_DropDB_Priv">59.2  User_DropDB_Priv</a></dd>
<dd><a href="#User_MysqlDB_Priv">59.3  User_MysqlDB_Priv</a></dd>
</dl>

<h2><a name="Tmp_Table_Size Setting" target="_blank"></a>1  Tmp_Table_Size Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the value of tmp_table_size is not less than 500M. If less than 500M, then report a critical violation issue.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
    <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
    <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
    <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
    <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
    <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
    <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
    <TD SCOPE="row"> <P>Critical</P> </TD> 
    <TD> <P>Configuration</P> </TD> 
    <TD> <P>MYSQL RELEASE</P> </TD> 
    <TD> <P>All</P></TD>
    <TD> <P>The underlying metric has a collection frequency of once every 4 hours.</P></TD> 
    <TD> <P>Database configuration is not in adapted state. Tmp_table_size is %value%, less than 500M.</P> </TD> 
  </TR> 
</TABLE> 
<p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
<p>Tmp_table_size is an initial-start option. The value of tmp_table_size is the maximum size of internal in-memory temporary tables. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
<p>If too small, it may lead to disk based temporary table and lead to low performance.</p>
<H3>Action</H3>
<p>Place "tmp_table_size=500M" or bigger value in mysql config file, and restart the database to take it into effect. </p>

<hr>
<h2><a name="Log_Slow_Queries Setting"  target="_blank"></a>2  Log_Slow_Queries Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_slow_queries is enabled.</SPAN></P>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Critical</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD> 
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours.</P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_slow_queries is %value%.</P> </TD> 
  </TR> 
</TABLE> 
<p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
<p>Ensure that the variable of log_slow_query is turned on. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
<p>Slow queries are queries which take more than the amount of time defined in "long_query_time" or which do not use indexes well, 
	if log_long_format is enabled. <br>
	If not enabled, mysql database can not log slow queries.	</p>
<H3>Action</H3>
<p>Before MySQL 5.1.29,  use the --log_slow_query option to enable slow query log with default slow query log file 
	 or use --log_slow_query=file_name option to enable slow query log with designated slow query log file.<br><br>
   From MySQL 5.1.29, use the --slow_query_log option to enable the slow query log and use the --slow_query_log_file=file_name option to set the slow query log file name.<br><br>
   Put corresponding option in mysql config file and then restart database to make it take into effect.
</p>

<hr>
<h2><a name="Log_Queries_Not_Using_Indexes Setting" target="_blank"></a>3  Log_Queries_Not_Using_Indexes Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_queries_not_using_indexes is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_queries_not_using_indexes is %value%.</P> </TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of log_queries_not_using_indexes is enabled. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>If you are using this option with the slow query log enabled, queries that are expected to retrieve all rows are logged
. This option does not necessarily mean that no index is used. </p>

<H3>Action</H3>
<p>Turn on the variable of log-queries-not-using-indexes.</p>

<hr>
<h2><a name="Log_Slow_Queries Setting" target="_blank"></a>2  Log_Slow_Queries Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_slow_queries is enabled.</SPAN></P>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Critical</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD> 
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours.</P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_slow_queries is %value%.</P> </TD> 
  </TR> 
</TABLE> 
<p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
<p>Ensure that the variable of log_slow_query is turned on. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
<p>Slow queries are queries which take more than the amount of time defined in "long_query_time" or which do not use indexes well, 
	if log_long_format is enabled. <br>
	If not enabled, mysql database can not log slow queries.	</p>
<H3>Action</H3>
<p>Before MySQL 5.1.29,  use the --log_slow_query option to enable slow query log with default slow query log file 
	 or use --log_slow_query=file_name option to enable slow query log with designated slow query log file.<br><br>
   From MySQL 5.1.29, use the --slow_query_log option to enable the slow query log and use the --slow_query_log_file=file_name option to set the slow query log file name.<br><br>
   Put corresponding option in mysql config file and then restart database to make it take into effect.
</p>

<hr>
<h2><a name="Log_Queries_Not_Using_Indexes Setting  target="_blank""></a>3  Log_Queries_Not_Using_Indexes Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_queries_not_using_indexes is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_queries_not_using_indexes is %value%.</P> </TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of log_queries_not_using_indexes is enabled. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>If you are using this option with the slow query log enabled, queries that are expected to retrieve all rows are logged
. This option does not necessarily mean that no index is used. </p>

<H3>Action</H3>
<p>Turn on the variable of log-queries-not-using-indexes.</p>
  
<p>Before MySQL 5.1.29,  use the --log_slow_query option to enable slow query log with default slow query log file 
	 or use --log_slow_query=file_name option to enable slow query log with designated slow query log file.<br><br>
   From MySQL 5.1.29, use the --slow_query_log option to enable the slow query log and use the --slow_query_log_file=file_name option to set the slow query log file name.<br><br>
   Put corresponding option in mysql config file and then restart database to make it take into effect.
</p>

<hr>
<h2><a name="Log_Warnings Setting" target="_blank"></a>4  Log_Warnings Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_warnings is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_warnings is %value%.</P> </TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
 
<H3>Description</H3>
   <p>Ensure that the value of log_warnings is greater than 1. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>If you have any problems with MySQL, you can check the error log for possible explanations by setting this variable.</p>

<H3>Action</H3>
   <p>Set the value of log_warnings with 2 or larger.</p>
  
<hr>
<h2><a name="Innodb_File_Per_Table Setting" target="_blank"></a>5  Innodb_File_Per_Table Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of innodb_file_per_table is enabled.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="200%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of innodb_file_per_table is %value%. </P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of innodb_file_per_table is turned on. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If the variable of innodb_file_per_table is not turned on, innodb table will suffer more fragmentations and lead to low
 performance. </p>
<H3>Action</H3>
   <p>Place the option "innodb_file_per_table" in mysql config file, and then restart database to take it into effect.</p>

<hr>
<h2><a name="Sync_Binlog Setting" target="_blank"></a>6  Sync_Binlog Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of sync_binlog is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of sync_binlog is %value%.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of sync_binlog is turned on. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>It will make poor performance with high transaction commit rate when sync_binlog=1. <br><br>For replication safety, it is recommended to set this variable with value 1. </p>
<H3>Action</H3>
   <p>Set the value of sync_binlog with 1.</p>  

<hr>
<h2><a name="Binary Log Setting" target="_blank"></a>7  Binary Log Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of log_bin is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of log_bin is %value%.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of log_bin is turned on. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>It will cause performance degradation. Not only for data security and integrity, but also for replication requireme
nt, it is highly recommended to enable it. </p>
<H3>Action</H3>
   <p>It is an initial option. Place the option of log_bin in mysql config file and then restart the database to take it into effect.</p>  
   
<hr>
<h2><a name="Insufficient Innodb Log Files target="_blank""></a>8  Insufficient Innodb Log Files</h2> 
   <P><SPAN class=bodycopy>This policy checks whether the value of <font color="#0000a0"><b><em>innodb_log_files_in_group</em></b></font> is suitable.</SPAN>
<H3>Policy Summary</H3>
   <p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of innodb_log_files_in_group is %value%.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the number of members in the innodb log group is greater than 2. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If the number of innodb log files is too low, the innodb log files will be covered in short time with frequent updates 
system. They are useful in recovery case. </p>
<H3>Action</H3>
   <p>1. normally shutdown database. <br>
   	  2. backup current innodb log files and then rm them (note: maybe you can reserve them).<br>
   	  3. change the value of innodb_log_files_in_group (>2) in mysql config file. <br> 
   	  4. startup database. Keep an eye on err log.<br>
   </p>  
   
<hr>
<h2><a name="Innodb_Log_File_Size Setting" target="_blank"></a>9  Innodb_Log_File_Size Setting</h2> 
   <P><SPAN class=bodycopy>This policy checks whether the value of innodb_log_file_size is suitable.</SPAN>
<H3>Policy Summary</H3>
   <p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Critical</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of innodb_log_file_size is %value%.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the size of innodb log file not less than 200M. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If the size of innodb log file is too small, this may lead to unneeded buffer pool flush activity on log file overwrite.', </p>
<H3>Action</H3>
   <p>1. normally shutdown the database.<br>
   	  2. backup current innodb log files, and then rm them.<br>
   	  3. change the value of innodb_log_file_size in mysql config files.<br>
   	  4. startup database, it will create new innodb log files automatically. Keep an eye on err log.<br>
   </p>  
   
<hr>
<h2><a name="Lower_Case_Table_Names Setting" target="_blank"></a>10  Lower_Case_Table_Names Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the option of lower_case_table_names  is turned on.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
		 <TD SCOPE="row"> <P>Warning</P> </TD> 
		 <TD> <P>Configuration</P> </TD> 
		 <TD> <P>MYSQL RELEASE</P> </TD>
		 <TD> <P>All</P></TD>
		 <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of lower_case_table_names is %value%.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the variable of lower_case_table_names is turned on. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>Table and database names are stored on disk using the lettercase specified in the CREATE TABLE or CREATE DATABASE statement. Name comparisons are case sensitive. </p>
<H3>Action</H3>
   <p>It is an initial option. Place the option --lower_case_table_names in mysql config file and then restart database to take it into effect.</p>  
   
<hr>
<h2><a name="Back_Log Setting" target="_blank"></a>11  Back_Log Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the value of back_log is suitable.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
		 <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
	</TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
	<TR> 
           <TD SCOPE="row"> <P>Warning</P> </TD> 
	   <TD> <P>Configuration</P> </TD> 
	   <TD> <P>MYSQL RELEASE</P> </TD>
	   <TD> <P>All</P></TD>
	   <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
           <TD> <P>Database configuration is not in adapted state. Current value of back_log is %value%, less than 50.</P></TD> 
	</TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the value of back_log is not less than 50. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If you have a very high connection rate and experience "connection refused" errors, you might need to increase this value., </p>
<H3>Action</H3>
   <p>Place "back_log=50" or higher value in mysql config file, restart database to take it into effect.</p>  
   
<hr>
<h2><a name="Expire_Logs_Days&nbsp;Setting" target="_blank"></a>12  Expire_Logs_Days Setting</h2> 
<P><SPAN class=bodycopy>This policy checks whether the value of expire_logs is suitable.</SPAN>
<H3>Policy Summary</H3>
<p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Critical</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. Current value of expire_logs_days is %value%.</P></TD> 
   </TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the value of expire_logs_days is greater than 4. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>It can purge old binary log files automatically and reclaim the space of old binary log files.</p>
<H3>Action</H3>
   <p>mysql>set global expire_logs_days=5; (don't set too large value)</p>  
   
<hr>
<h2><a name="Tmpdir Setting" target="_blank"></a>13  Tmpdir Setting</h2> 
   <P><SPAN class=bodycopy>This policy checks whether the value of "tmpdir" is suitable.</SPAN>
<H3>Policy Summary</H3>
   <p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Warning</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. Current tmpdir is put on /tmp or /tmp/.</P></TD> 
  </TR> 
</TABLE> 
 <p>* The policy is evaluated each time its underlying configuration metric is collected. </p>
<H3>Description</H3>
   <p>Ensure that the tmpdir not put on /tmp. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>The directory of tmpdir is used by MySQL for storing temporary files. It might be good to put it on a swapfs/tmpfs file
system, however if you create very large temporary files, it will influence system swap usage. </p>
<H3>Action</H3>
   <p>If you need create large temporary files, do not put tmpdir on /tmp, It might be good to put it on a dedicated disk or datadir.</p>  
   
<hr>
<h2><a name="Max_Heap_Table_Size Setting" target="_blank"></a>14  Max_Heap_Table_Size Setting</h2> 
  <P><SPAN class=bodycopy>This policy checks whether the value of max_heap_table_size is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Critital</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state.  Current value of max_heap_table_size is %value%.</P></TD> 
  </TR> 
</TABLE> 
<H3>Description</H3>
   <p>Ensure that the value of max_heap_table_size is suitable. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>It is maximum allowed size for a single HEAP (in memory) table. Do not set too large value, or it could use up all memory resources.</p>
<H3>Action</H3>
   <p>mysql> set max_heap_table_size=67108864; (or bigger value)</p>  
   
<hr>
<h2><a name="Query_Cache_Size Setting" target="_blank"></a>15  Query_Cache_Size Setting</h2> 
  <P><SPAN class=bodycopy>This policy checks whether the value of query_cache_size is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p> 
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information."> 
  <TR> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD> 
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD> 
  </TR>
	<!-- DO NOT LEAVE ANY FIELDS BLANK. --> 
  <TR> 
     <TD SCOPE="row"> <P>Warning</P> </TD> 
     <TD> <P>Configuration</P> </TD> 
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD> 
     <TD> <P>Database configuration is not in adapted state. The value of query_cache_size is %value%.</P></TD> 
  </TR> 
</TABLE> 
<H3>Description</H3>
   <p>Ensure that the value of query_cache_size is nonzero.</p>
<H3>Impact of Violation</H3>
   <p>Having the query cache enabled may result in significant speed improvements, if your have a lot of identical queries and rarely changing tables.</p>
<H3>Action</H3>
   <p>mysql> set global query_cache_size=67108864;</p>  

<hr>
<h2><a name="Query_Cache Support" target="_blank"></a>15.1 Query_Cache Support </h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of have_query_cache is enabled.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. Current value of have_query_cache is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that mysqld supports query cache. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If mysqld not supports query cache, you can not use query cache.</p>
<H3>Action</H3>
   <p></p>

<hr>
<h2><a name="Query_Cache_Type Setting" target="_blank"></a>15.2  Query_Cache_Type Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of query_cache_type is enabled.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Warning</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. Current value of query_cache_type is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that query_cache_type is turned on. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>If query_cache_type is turned off, even if query_cache_size set with a none-zero value, query_cache is out of use.</p>
<H3>Action</H3>
   <p>mysql> set global query_cache_type=ON;</p>

<hr>
<h2><a name="Innodb Engine Support" target="_blank"></a>16  Innodb Engine Support</h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of have_innodb is enabled.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of have_innodb is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that mysqld supports innodb engine. Check the variable with have_innodb. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>If mysqld does not support innodb engine, you can not create innodb table.</p>
<H3>Action</H3>
   <p>Check the variables with skip-innodb and have_innodb, if they are both in right state, check the mysql error log.</p>

<hr>
<h2><a name="Binlog_Cache_Size Setting" target="_blank"></a>17  Binlog_Cache_Size Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the value of binlog_cache_size is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Warning</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. Current value of binlog_cache_size is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that the value of binlog_cache_size is not less than 8M. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>The size of the cache to hold the SQL statements for the binary log during a transaction.If the transaction is larger t
han this value, temporary file on disk is used instead. The size of the cache to hold the SQL statements for the binary log during a transaction.If the transaction is larger than this value, temporary file on disk is used instead. </p>
<H3>Action</H3>
   <p>mysql> set global binlog_cache_size=8388608; (or bigger value)</p>

<hr>
<h2><a name="Table_Cache Setting" target="_blank"></a>18  Table_Cache Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the value of table_cache or table_open_cache is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Warning</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of table_cache/table_open_cache is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that the value of table_cache/table_open_cache is not less than 512. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>It is the number of open tables for all threads. Increasing this value increases the number of file descriptors that mysqld requires. Make sure to set the amount of open files in the variable open-files-limit.</p>
<H3>Action</H3>
   <p>mysql> set global table_cache=512;</p>

<hr>
<h2><a name="General Log State" target="_blank"></a>19  General Log State</h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of log is enabled;</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of general log is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that the general log is turned off. It can be configured online only after version 5.1 .</p>
<H3>Impact of Violation</H3>
   <p>With this option enabled, MySQL will log the full query. This is useful for debugging, but it will cause performance degradation.</p>
<H3>Action</H3>
   <p>Usually, don't enable this option. To turn it off, prior to version 5.1, comment the log variable in mysql config file and restart database to take it into effect, and with newer version you can turn it off online.</p>

<hr>
<h2><a name="Old_Passwords Setting" target="_blank"></a>20  Old_Passwords Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of <font color="#0000a0"><b><em>old_passwords</em></b></font> is turned on.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of old_passwords is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that old_passwords is turned off. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>Force the server to generate short (pre-4.1) password hashes for new passwords. This is useful for compatibility when the server must support older client programs. But it is less secure than longer password.</p>
<H3>Action</H3>
   <p>mysql> set global old_passwords=OFF;</p>

<hr>
<h2><a name="Read_Only Setting" target="_blank"></a>21  Read_Only Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the option of <font color="#0000a0"><b><em>read_only</em></b></font> is turned on.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The option of read_only is not in suitable state.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that the option of read-only/read_only is turned on if the server is only a slave and turned off if the server is a master. It can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>Turning on the option of read-only/read_only, the server allows no updates except from users that have the SUPER privilege or (on a slave server) from updates performed by slave threads.</p>
<H3>Action</H3>
   <p>Turn on read-only option on slave and turn off read-only on master.</p>

<hr>
<h2><a name="Thread_Cache_Size Setting" target="_blank"></a>22  Thread_Cache_Size Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the value of <font color="#0000a0"><b><em>thread_cache_size</em></b></font> is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of thread_cache_size is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>This variable means how many threads we should keep in a cache for reuse, it can be configured online.</p>
<H3>Impact of Violation</H3>
   <p>When a client disconnects, the client threads are put in the cache if there are not more than thread_cache_size threads from before.  This greatly reduces the amount of thread creations needed if you have a lot of new connections.</p>
<H3>Action</H3>
   <p>mysql> set global thread_cache_size=8;</p>

<hr>
<h2><a name="Wait_Timeout Setting" target="_blank"></a>23  Wait_Timeout Setting</h2>
  <P><SPAN class=bodycopy>This policy checks whether the value of <font color="#0000a0"><b><em>wait_timeout</em></b></font> is suitable.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Warning</P> </TD>
     <TD> <P>Configuration</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P></TD>
     <TD> <P>Database configuration is not in adapted state. The value of wait_timeout is %value%.</P></TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>It is the number of seconds the server waits for activity on a non-interactive connection before closing it. It can be set only when starting mysqld.</p>
<H3>Impact of Violation</H3>
   <p>With a large value, it will waste the connection.</p>
<H3>Action</H3>
   <p>It is recommended to set with 2h, default value is 8h.
      Place interactive_timeout=7200 in mysql config file and then restart server to take it into effect.</p>

<hr>
<h2><a name="Anonymous_Account_Exists" rel="external"></a>24  Anonymous_Account_Exists</h2>
  <P><SPAN class=bodycopy>This policy checks whether the <font color="#0000a0"><b><em>anonymous account</em></b></font> exists.</SPAN>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Security</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P> </TD>
     <TD> <P>Database is in an insecure state. Anonymous account exists. </P> </TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that there is no anonymous account in database.</p>
<H3>Impact of Violation</H3>
   <p>It will lead to potential safety hazard.</p>
<H3>Action</H3>
   <p>Drop anonymous account immediately.<br>
      1. mysql> delete from mysql.user where user='';<br>
      2. mysql> flush privileges;
   </p>

<hr>
<h2><a name="Remote_Root_Access" target="_blank"></a>25  Remote_Root_Access</h2>
  <P><SPAN class=bodycopy>This policy checks whether the <font color="#0000a0"><b><em>mysql root account</em></b></font> can access the server remotely not through localhost.</SPA
N>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Security</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P> </TD>
     <TD> <P>Database is in an insecure state. Mysql root account can access the server remotely. </P> </TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that mysql root account can not access the server remotely.</p>
<H3>Impact of Violation</H3>
   <p>It will lead to potential safety hazard.</p>
<H3>Action</H3>
   <p>Forbid remote root access immediately.<br>
      1. mysql> delete from mysql.user where User='root' and Host != '127.0.0.1' and Host !='localhost';<br>
      2. mysql> flush privileges;
   </p>

<hr>
<h2><a name="Monitor_Account_State" target="_blank"></a>26  Monitor_Account_State</h2>
  <P><SPAN class=bodycopy>This policy checks whether the <font color="#0000a0"><b><em>mysql root account</em></b></font> can access
the server remotely not through localhost.</SPA
N>
<H3>Policy Summary</H3>
  <p>The following table lists the policy's main properties.</p>
<TABLE WIDTH="100%" CELLPADDING="2" BORDER="1" SUMMARY="This table lists policy information.">
  <TR>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Severity</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Category</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Target Type</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Versions Affected</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Policy Evaluation (*)</B></P> </TD>
     <TD WIDTH="20%" SCOPE="col"> <P><B>Alert Message</B></P> </TD>
  </TR>
        <!-- DO NOT LEAVE ANY FIELDS BLANK. -->
  <TR>
     <TD SCOPE="row"> <P>Critical</P> </TD>
     <TD> <P>Security</P> </TD>
     <TD> <P>MYSQL RELEASE</P> </TD>
     <TD> <P>All</P></TD>
     <TD> <P>The underlying metric has a collection frequency of once every 4 hours. </P> </TD>
     <TD> <P>Database is in an insecure state. Mysql root account can access the server remotely. </P> </TD>
  </TR>
</TABLE>
<H3>Description</H3>
   <p>Ensure that mysql root account can not access the server remotely.</p>
<H3>Impact of Violation</H3>
   <p>It will lead to potential safety hazard.</p>
<H3>Action</H3>
   <p>Forbid remote root access immediately.<br>
      1. mysql> delete from mysql.user where User='root' and Host != '127.0.0.1' and Host !='localhost';<br>
      2. mysql> flush privileges;
   </p>

<script language="javascript">
function externallinks() {
if (!document.getElementsByTagName) return;
var anchors = document.getElementsByTagName("a");
for (var i=0; i<anchors.length; i++) {
var anchor = anchors[i];
if (anchor.getAttribute("href") &&
anchor.getAttribute("rel") == "external")
anchor.target = "_blank";
}
}
window.onload = externallinks;
</script>

</div>
</body>
</html>

